Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/
modexp
Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy
Introduction The surveillance spyware FinFisher, also known as FinSpy, uses what Microsoft called an “interesting and quite unusual” method of process injection via the KernelCallBackTa…
CVE-2022-0329 and the problems with automated vulnerability management https://tomforb.es/cve-2022-0329-and-the-problems-with-automated-vulnerability-management/
tomforb.es
CVE-2022-0329 and the problems with automated vulnerability management
Update: Github have responded and said they will stop sending notifications about this CVE. Yesterday Github started notifying tens of thousands of people about a critical remote code execution vulnerability in a package named loguru. Their reviewed advisory…
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Pwnkit: How to exploit and check https://beny23.github.io/posts/pwnkit_how_to_check_and_exploit/
beny23.github.io
Pwnkit: How to exploit and check
Pwnkit is a vulnerability that uses a bug in polkit to elevate permissions to root. This write-up shows how to reproduce it using Ubuntu and what to do to check whether a system is vulnerable.
What went wrong? Quoting from the original researchers:
This…
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation https://github.com/ly4k/PwnKit
GitHub
GitHub - ly4k/PwnKit: Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation - ly4k/PwnKit
Heap tricks never get old - Insomni'hack teaser 2022 https://www.synacktiv.com/en/publications/heap-tricks-never-get-old-insomnihack-teaser-2022.html
Synacktiv
Heap tricks never get old - Insomni'hack teaser 2022
The Synacktiv team participated in the Insomni'hack teaser 2022 last week-end and placed 9th out of 280 teams.
Cobalt Strike, a Defender’s Guide – Part 2 https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
The DFIR Report
Cobalt Strike, a Defender’s Guide – Part 2
Our previous report on Cobalt Strike focused on the most frequently used capabilities that we had observed. In this report, we will focus on the network traffic it produced, and provide some easy w…
Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP) https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/
Perception Point
CVE-2022-22583 Analysis: Bypassing macOS SIP
Learn about how we discovered CVE-2022-22583, a vulnerability that allows attackers to bypass macOS SIP and take control of the system.
Scanning for Generalized Transient Execution Gadgets in the Linux Kernel https://www.vusec.net/projects/kasper/
vusec
Kasper - vusec
Scanning for Generalized Transient Execution Gadgets in the Linux Kernel TL;DR We present Kasper, a transient (or speculative) execution gadget scanner. It uses taint analysis policies to model an attacker capable of exploiting arbitrary software/hardware…
Reverse engineering the 1988 NeXT keyboard protocol https://journal.spencerwnelson.com/entries/nextkb.html
Workshop: An Introduction to macOS Forensics with Open Source Software https://jsac.jpcert.or.jp/archive/2022/pdf/JSAC2022_workshop_macOS-forensic_jp.pdf
Stop Storing Secrets In Environment Variables! https://blog.forcesunseen.com/stop-storing-secrets-in-environment-variables
Nice intro » ROP Chaining: Return Oriented Programming https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/rop-chaining-return-oriented-programming
www.ired.team
ROP Chaining: Return Oriented Programming | Red Team Notes
Great material here! » Reverse Engineering 3201: Symbolic Analysis https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+RE3201_symexec+2021_V1/about
p.ost2.fyi
Reverse Engineering 3201: Symbolic Analysis
This class is an introduction to Symbolic Analysis and Execution of binaries. It requires you to know x86-64 assembly, and be comfortable with Python3 programming.
Wow! Now, you can debug the heap exploitation techniques in your browser directly using gdb, that's great! https://github.com/shellphish/how2heap
GitHub
GitHub - shellphish/how2heap: A repository for learning various heap exploitation techniques.
A repository for learning various heap exploitation techniques. - shellphish/how2heap
Zerodium looks to buy zero-days in Outlook and Thunderbird email clients https://therecord.media/zerodium-looks-to-buy-zero-days-in-outlook-and-thunderbird-email-clients/
therecord.media
Zerodium looks to buy zero-days in Outlook and Thunderbird email clients
US-based exploit broker Zerodium announced plans today to pay $200,000 and $400,000 for zero-day exploits in Mozilla Thunderbird and Microsoft Outlook, respectively, two of today's most popular and widely used desktop email clients.
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
Microsoft Security Blog
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA | Microsoft Security Blog
We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.